
4 matches found

OSV
added 2024/06/03 10:15 a.m. · 19 views

CVE-2024-3829

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...

9.1 CVSS · 6.3 AI score
Exploits 0 · References 2
NVD
added 2024/05/30 1:15 p.m. · 8 views

CVE-2024-3584

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...

9.8 CVSS · 9.3 AI score · 0.00388 EPSS
Exploits 1 · References 2
CVE
added 2024/05/30 12:33 p.m. · 72 views

CVE-2024-3584

CVE-2024-3584 affects qdrant/qdrant (version 1.9.0-dev) and is caused by improper input validation in the /collections/{name}/snapshots/upload endpoint, enabling path traversal via URL-encoded name to write/overwrite arbitrary files (e.g., /root/poc.txt). The vulnerability can lead to full system...

9.8 CVSS · 9.3 AI score · 0.00388 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/07 12:0 a.m. · 2 views

PT-2024-4072 · Qdrant · Qdrant

Name of the Vulnerable Software and Affected Versions: qdrant/qdrant version 1.9.0-dev

Description: The issue is related to improper input validation in the "/collections/name/snapshots/upload" endpoint, allowing for path traversal. By manipulating the name parameter through URL encoding, an...

9.8 CVSS · 9.4 AI score · 0.00388 EPSS
Exploits 1 · References 18